CVE Catalog

CVE-2026-22859

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.76%

51th percentile - higher than 51% of all known CVEs

Summary

In FreeRDP prior to version 3.20.1, the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values, using them as indices in libusb_udev_complete_msconfig_setup, which causes an out-of-bounds read.

Risk Assessment

A malicious RDP server could exploit this vulnerability to read memory from the client, potentially leaking sensitive information or causing client instability.

Recommendation

Upgrade FreeRDP to version 3.20.1 or later immediately, which includes a fix for this vulnerability.

Original NVD description (English source)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS